Use integrated identity information to create and manage identities and control access to enterprise resources. We provide identity and access management, single sign–on (SSO), access governance, and more.

Detect and respond to all potential threats quickly and decisively. By monitoring user activities, security events, and critical systems, we provide actionable security intelligence to reduce the risk of data breach.

Get affordable, high-performance disaster recovery. We protect your workloads and help you meet or exceed RPOs and RTOs of an hour or less, with mirroring-like performance at a price point approaching tape.

Setting LDAP Screen Options

Using (N)DSTRACE is one of the usual debugging techniques in eDirectory. And you have a lot of options that can be used to get the debug trace messages. One of the options is LDAP that can be used to log the messages specific to any ldap operation.

By default, the LDAP option will log on only the error (critical and non-critical) messages. This article will help you to get the more debugging LDAP messages in the ndstrace by setting the LDAP screen options.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.

One Comment

This is excellent! being able to set the trace to all from the command line is quite useful; thank you!

One question: how do I change the trace settings back? In otherwords, what if I just want the Critical and Error messages to appear? Is there an option to say ‘none’? or ‘off’? I’ve tried many other values, and only ‘all’ seems to work.

I know I can change the bit set attribute ldapTraceLevel to 12288 to have just these two flags set, but I’d love to do something similar from the command line?